<?php

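// Login handler: checks the posted credentials against user_info and, on a
// single matching row, establishes the session and redirects to the message
// board; otherwise redirects back to the login page.
session_start();

// Missing or non-string fields (e.g. user_name[]=x) are treated as empty so
// they can never reach htmlspecialchars() or the query as arrays/null.
$raw_name = $_POST['user_name'] ?? '';
$raw_pwd = $_POST['user_pwd'] ?? '';
$raw_name = is_string($raw_name) ? $raw_name : '';
$raw_pwd = is_string($raw_pwd) ? $raw_pwd : '';

// htmlspecialchars() is HTML output encoding, not SQL escaping: before
// PHP 8.1 it leaves single quotes untouched by default, and it never escapes
// backslashes. It is kept here only so the lookup values stay identical to
// what this script compared before.
// NOTE(review): presumably the registration code stores values encoded the
// same way - confirm before removing this transform.
$user_name = htmlspecialchars($raw_name);
$user_pwd = htmlspecialchars($raw_pwd);

require "query_db.php";   // connects to the database; expected to define $conn

// Bound parameters keep the credentials out of the SQL text entirely, so no
// input value can change the structure of the statement.
// NOTE(review): comparing user_pwd inside the query implies the column holds
// a directly comparable (apparently unhashed) password. Moving to
// password_hash()/password_verify() has to be done together with the code
// that writes this column.
$sql = "select user_name,user_pet from user_info where user_name = ? and user_pwd = ?";

$row = null;
$stmt = mysqli_prepare($conn, $sql);
if ($stmt !== false) {
    mysqli_stmt_bind_param($stmt, 'ss', $user_name, $user_pwd);
    if (mysqli_stmt_execute($stmt)) {
        // Buffer the result so the row count is available before fetching.
        mysqli_stmt_store_result($stmt);
        if (mysqli_stmt_num_rows($stmt) === 1) {
            mysqli_stmt_bind_result($stmt, $db_user_name, $db_user_pet);
            if (mysqli_stmt_fetch($stmt)) {
                $row = ['user_name' => $db_user_name, 'user_pet' => $db_user_pet];
            }
        }
    } else {
        error_log('login: query execution failed: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);
} else {
    // Fail closed: a database error is handled like a failed login and the
    // detail goes to the server log, not to the browser.
    error_log('login: statement preparation failed: ' . mysqli_error($conn));
}

if ($row !== null) {
    // Issue a fresh session id at the privilege change so an id that was
    // known before authentication does not carry the logged-in state.
    session_regenerate_id(true);
    $_SESSION['user_name'] = $row['user_name'];
    $_SESSION['user_pet'] = $row['user_pet'];
    // NOTE(review): this cookie is client-controlled; other pages should take
    // the identity from $_SESSION, never from the cookie value.
    setcookie('user_name', $user_name, time() + 3600);
    echo "<script>alert('登录成功！');window.location.href='message_index.php';</script>";
} else {
    echo "<script>alert('用户名或密码错误！');window.location.href='index.php';</script>";
}
mysqli_close($conn);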